What are Trusted Lists?
Under eIDAS Article 22, each EU member state must establish, maintain, and publish a Trusted List of qualified trust service providers and the qualified services they offer. These lists serve as the authoritative, machine-readable registry for all QTSPs in the European Union. They are published in a standardised XML format (ETSI TS 119 612) and are aggregated by the European Commission.
How to verify a provider
To check whether a timestamping provider holds qualified status, navigate to the European Commission's central Trusted List browser. Search by country, provider name, or service type. Each entry shows the provider's qualified status, the services they offer, the supervisory body, and the date of last audit. Always verify before entering into contracts involving qualified timestamps.
Reading the status codes
Trusted List entries use standard status codes: 'granted' means the service is actively qualified; 'withdrawn' means qualification has been revoked; 'suspended' means temporarily non-operational. Only services with 'granted' status produce legally presumed qualified outputs.
Integration tip
Automated systems can consume Trusted Lists via their XML endpoints. This allows your timestamping verification pipeline to automatically check whether a token was issued by a currently qualified provider, adding an additional layer of trust to your compliance workflow.